OWASP Vulnerable Web Applications Directory

An OWASP production project

A comprehensive registry of known vulnerable web and mobile applications for legal security testing and training.

VAmPI

Vulnerable REST API (OpenAPI 3) covering the OWASP Top 10 for APIs. Built with Flask for evaluating API security tools and for learning. Includes a global on/off switch for vulnerable vs. secure mode, token-based auth, Swagger UI, and a Postman collection.

Collections: container
Technology: Python, Flask, Docker, OpenAPI, Swagger
Categories: Free-form, Single-player
Author: erev0s
Stars: 1229
Last contribution: Apr 7, 2026 (< 6mo)

Notes

Call GET /createdb to create and populate the database before using the endpoints. With Docker, vulnerable (1 or 0) and tokentimetolive are configurable via environment variables.
